diff options
author | Alexander Alexeev | 2017-04-05 18:51:31 +0700 |
---|---|---|
committer | Vitaly Takmazov | 2017-04-05 15:13:40 +0300 |
commit | 66d3be7862c8525f6f85e387503c6002a00371ee (patch) | |
tree | 9f2e668c7f1771f58676ac82068261f6ca576dd6 /juick-www/src/main/java/com/juick/www/configuration | |
parent | a06c82e4ecfea6452f4d90aa41189f294c434160 (diff) |
rememberMe improved: added compatibility with old version
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/configuration')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 3c674d0c..d3aa9e81 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -8,12 +8,13 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; @@ -66,11 +67,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .failureUrl("/login?error=1") .and() .rememberMe() - .tokenValiditySeconds(6 * 30 * 24 * 3600) - .alwaysRemember(true) - //.useSecureCookie(true) // TODO Enable if https is supports .rememberMeCookieDomain(webDomain).key(rememberMeKey) - .userDetailsService(userDetailsServiceBean()) + .rememberMeServices(rememberMeServices()) .and() .csrf().disable() .authenticationProvider(authenticationProvider()) @@ -87,8 +85,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public HashParamAuthenticationFilter hashParamAuthenticationFilter() { - return new HashParamAuthenticationFilter(userService); + public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception { + return new HashParamAuthenticationFilter(userService, rememberMeServices()); + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( + rememberMeKey, userDetailsServiceBean()); + + services.setCookieName("juick-remember-me"); + services.setCookieDomain(webDomain); + services.setAlwaysRemember(true); + services.setTokenValiditySeconds(6 * 30 * 24 * 3600); + services.setUseSecureCookie(false); // TODO set true if https is supports + + return services; } @Override |